| Summary: | Javascript function returns incorrect value after being JIT-compiled | ||||||
|---|---|---|---|---|---|---|---|
| Product: | WebKit | Reporter: | Daniel Szabo <szdy12> | ||||
| Component: | JavaScriptCore | Assignee: | Nobody <webkit-unassigned> | ||||
| Status: | RESOLVED WORKSFORME | ||||||
| Severity: | Major | ||||||
| Priority: | P1 | ||||||
| Version: | 528+ (Nightly build) | ||||||
| Hardware: | iPhone / iPad | ||||||
| OS: | iOS 7.0 | ||||||
| Attachments: |
|
||||||
Seems to be fixed in iOS 8 Safari |
Created attachment 222429 [details] html page with javascript showing errorenous JIT behavior See attachment. Javascript function 'calc' will be called in a loop. After several iterations its return value will be zero instead of the reference value. The non-jitted function 'calc2' (which is the exact copy of 'calc') returns still the reference value. Actual result on iPad mini (iOS 7.0.4, Safari/9537.53): after 35 iterations the result value will be constant zero.